This Personal Data Processing and Protection Policy (the “Policy“) is adopted and in effect in the AIROME Technologies which is located at 6 EU Tong Sen Street #09-09, Singapore, 059817 (“the Company” or “we” ).
We may collect and use the personal data you provide to us when:
- you access our websites and mobile applications (the “websites”) from any device or when communicating with us in any form in compliance with this Policy. By using our websites and providing your personal data to us, you give your consent to have your personal data processed in compliance with this Policy;
- you get in touch with us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us and we will only use the data for the purpose of responding to the communication and handling the matter as appropriate. The personal data referred above may include name, employer name, contact title, phone, email and other business contact details;
- we provide services to our clients. Our policy is to collect only the personal data necessary for specified purposes and we ask our clients only to share personal data where it is strictly needed for those purposes. Where we need to process personal data to provide our services, we ask our clients to get appropriate person’s authorization and provide the necessary information to the data subjects concerned regarding its use;
- we manage the relationship, contract and receive services from our suppliers and subcontractors.
We process personal data about contacts (existing and potential AIROME clients and/or individuals associated with them) using a customer relationship management systems (the “AIROME CRM”).
The collection of personal data about contacts and the addition of that personal data to the AIROME CRM is initiated by a AIROME user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the AIROME CRM helps AIROME users to manage relations with contacts or third parties by observing data concerning interactions between AIROME users and contacts or third parties in AIROME email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event). Personal data relating to business contacts may be visible to and used by AIROME users to learn more about an account, client or opportunity they have an interest in.
- Key terms and definitions
“Personal data” is any information that is related directly or indirectly to a specific or identifiable individual.
“Personal data processing” is performing any actions or sets of actions with respect to your personal data including the following: collect, record, systemise, gather, store, update, alter, extract, use, transfer (provide, access), depersonalise, block, delete, destroy with and without the use of personal data automated processing systems.
- The Principles of processing of personal data
- We process personal data lawfully and fairly.
- Processing involves only the personal data which meet the intended purposes of the processing thereof.
- The contents and scope of processed personal data correspond to the declared purposes of processing. Processed personal data is not excessive in respect of the declared purposes of processing thereof.
- The term of processing of personal data is limited within the scope of specified, preset and lawful purposes.
- We take all necessary measures for providing security of processing personal data.
- We respect lawful rights of personal data subjects and ensure their protection in the processing of personal data.
- The types of data we collect
We may collect the following types of data:
- the personal data you provide to us when filling out information fields at our websites, including filling out the contact form, subscribing to news mailouts, registering for our events;
- the personal data and other information contained in the messages you send to us;
- the personal data that we need to obtain and process in order to render services and provide or receive professional advice and deliverables.
- Purposes of personal data processing
We may process your personal data for purposes it has been provided for only, including the following:
- registering you at our websites to grant access to selected sections;
- providing you with information about the Company, our services and events;
- answering your requests and enquiring for additional information;
- organizing your participation in our events and surveys;
- sending you our news casts;
- distributing requested reference materials;
- conducting client acceptance procedures;
- providing or receiving professional services;
- developing our businesses and services;
- making personal data available to AIROME employees for performing services and for offering new services;
- identifying clients with similar needs;
- performing analytics such as on market trends, relationships maps or sales opportunities; in addition, the AIROME CRM uses an algorithm to evaluate the strength of interactions between a AIROME user and a contact. This ranking is primarily based on interaction frequency, duration, recency and response time;
- administering managing and developing our businesses and services, including:
- ➔ managing our relationship with clients;
- ➔ developing our businesses and services (such as identifying client needs and improvements in service delivery);
- ➔ maintaining and using IT systems;
- ➔ hosting or facilitating the hosting of events; and
- ➔ administering and managing our website and systems and applications;
- security, quality and risk management activities, including:
- ➔ detecting, investigating and resolving security threats;
- ➔ monitoring the quality of our services and managing risks in relation to our clients as part of our client engagement and acceptance procedures;
- ➔ monitoring the quality of our services and managing risks in relation to our suppliers and subcontractors as part of our contracting procedures.
- other purposes upon your consent.
We process technical data to:
- ensure our websites’ operability and security;
- improve our websites’ quality.
We do not place your personal data in publicly available sources. We do not make any decisions that would have adverse legal implications for or otherwise violate your rights and rightful interests based on personal data automated processing only.
- Your rights
Protecting your personal data rights and liberties is pivotal to the way we do business.
To ensure your rights and liberties are protected, upon your request, we will:
- inform you on the source and contents of your personal data that we process;
- inform you on the legal basis, purposes, terms and means of processing your personal data;
- introduce the necessary changes to your personal data if you confirm it is incomplete, inaccurate or outdated within 7 business days from the date of the receipt of such confirmation and notify you on the changes made;
- notify you on the cross-border transfer of your personal data made or planned;
- notify you on the name and location of the organisations, which have access to your personal data and to which your personal data may be disclosed upon your consent;
- inform you about the company name or full name of entities/individuals charged with processing your personal data;
- notify you on the exercise of your rights during our processing of your personal data;
- exclude you from our news mailout list;
- stop processing your personal data if unlawful processing on our side is confirmed and notify you on remedial action taken;
- destroy your personal data if unlawful receipt or unintended use thereof is confirmed within 7 business days from the date of the receipt of such confirmation and notify you on remedial action taken;
- answer any questions related to your personal data we process.
- How you can contact us
You can send us a request or complaint related to your personal data processing by email or by post under the subject “Request on Personal Data” including information on the purposes for which your data was provided to us and context of our processing activities to the following email address: firstname.lastname@example.org or postal address: 6 EU Tong Sen Street #09-09, Singapore, 059817. We may ask you to provide additional information regarding your request which is necessary for provision of response to you.
- Consent Withdrawal
You can send us a personal data consent withdrawal under subject “Personal Data Processing Consent Withdrawal”) including information on the purposes for which your data was provided to us and context of our processing activities to the following email address: email@example.com or postal address: 6 EU Tong Sen Street #09-09, Singapore, 059817.
- When and how we share personal data and locations of processing
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We have different branches around the globe and in common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located. Your personal data security during cross-border transfers is very important to us. We take all necessary measures to guarantee confidentiality and security of your personal data.
Cross-border transfers of personal data to countries that do not ensure adequate protection of personal data are permissible only with your written consent or to execute a contract to which you are a Party. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data are done lawfully.
Personal data held by us may be transferred to:
- Third party organisations that provide applications/functionality, data processing or IT services to us.
- We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
- Third party organisations that otherwise assist us in providing goods, services or information.
- Auditors and other professional advisers.
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
- Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
- Personal data security
To ensure the security of your personal data during processing, we take all necessary and sufficient legal, organisational and technical measures to protect personal data from unauthorised or accidental access, destruction, alteration, blocking, copying, disclosure, or distribution, as well as against all other unlawful actions with respect to personal data.
For ensuring the adequate protection of your personal data, we assess the potential damage that could be inflicted on you if your personal data were compromised, and identify relevant threats to your personal data security during processing in personal data information systems.
The Company has adopted internal regulations on personal data security. The Company’s employees who have access to personal data are familiar with this Policy and internal regulations on personal data security.
- Cessation of personal data processing
We stop processing your personal data in the following cases:
- conditions of cessation of personal data processing arise or the agreed term expires;
- data processing purposes are achieved or it is no longer necessary to achieve such purposes;
- upon your request if the personal data processed have been obtained unlawfully or are not necessary for the stated purpose of processing;
- if the processing is identified as unlawful and it is impossible to ensure its lawfulness;
- when your data processing consent expires or you withdraw your consent provided there are no other legal bases for personal data processing stipulated by the Russian law;
- if the Company is liquidated.
- Links to third-party websites
Our websites may contain links to third-party websites and services beyond our control. We do not bear any liability for security and confidentiality of any information collected by third-party websites or services.
- Policy Changes
We may update the Policy if necessary. We advise you to check for the latest version of this Policy from time to time. By continuing to use our websites after the Policy is updated, you agree with the latest changes introduced.